httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From traw...@apache.org
Subject cvs commit: httpd-2.0/server/mpm/netware mpm_netware.c
Date Fri, 19 Mar 2004 11:16:04 GMT
trawick     2004/03/19 03:16:03

  Modified:    .        CHANGES configure.in
               include  ap_config.h
               os/unix  unixd.c
               server   listen.c
               server/mpm/netware mpm_netware.c
  Log:
    *) SECURITY: CAN-2004-0174 (cve.mitre.org)
       Fix starvation issue on listening sockets where a short-lived
       connection on a rarely-accessed listening socket will cause a
       child to hold the accept mutex and block out new connections until
       another connection arrives on that rarely-accessed listening socket.
       With Apache 2.x there is no performance concern about enabling the
       logic for platforms which don't need it, so it is enabled everywhere
       except for Win32.  [Jeff Trawick]
  
  (already in 2.0.49, propagating to mirrors now)
  
  Revision  Changes    Path
  1.1429    +9 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.1428
  retrieving revision 1.1429
  diff -u -r1.1428 -r1.1429
  --- CHANGES	19 Mar 2004 02:32:25 -0000	1.1428
  +++ CHANGES	19 Mar 2004 11:16:02 -0000	1.1429
  @@ -283,6 +283,15 @@
   
   Changes with Apache 2.0.49
   
  +  *) SECURITY: CAN-2004-0174 (cve.mitre.org)
  +     Fix starvation issue on listening sockets where a short-lived
  +     connection on a rarely-accessed listening socket will cause a
  +     child to hold the accept mutex and block out new connections until
  +     another connection arrives on that rarely-accessed listening socket.
  +     With Apache 2.x there is no performance concern about enabling the 
  +     logic for platforms which don't need it, so it is enabled everywhere
  +     except for Win32.  [Jeff Trawick]
  +
     *) mod_cgid: Fix storage corruption caused by use of incorrect pool.
        [Jeff Trawick]
   
  
  
  
  1.260     +7 -0      httpd-2.0/configure.in
  
  Index: configure.in
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/configure.in,v
  retrieving revision 1.259
  retrieving revision 1.260
  diff -u -r1.259 -r1.260
  --- configure.in	7 Feb 2004 00:27:36 -0000	1.259
  +++ configure.in	19 Mar 2004 11:16:03 -0000	1.260
  @@ -235,6 +235,8 @@
         ;;
   esac
   
  +APR_SETVAR(AP_NONBLOCK_WHEN_MULTI_LISTEN, [1])
  +
   dnl
   dnl Process command line arguments. This is done early in the process so the
   dnl user can get feedback quickly in case of an error.
  @@ -484,6 +486,11 @@
   if test "$SINGLE_LISTEN_UNSERIALIZED_ACCEPT" = "1"; then
       AC_DEFINE(SINGLE_LISTEN_UNSERIALIZED_ACCEPT, 1, 
                 [This platform doesn't suffer from the thundering herd problem])
  +fi
  +
  +if test "$AP_NONBLOCK_WHEN_MULTI_LISTEN" = "1"; then
  +    AC_DEFINE(AP_NONBLOCK_WHEN_MULTI_LISTEN, 1, 
  +              [Listening sockets are non-blocking when there are more than 1])
   fi
   
   AC_DEFINE_UNQUOTED(AP_SIG_GRACEFUL, SIG$AP_SIG_GRACEFUL, [Signal used to gracefully restart])
  
  
  
  1.76      +3 -0      httpd-2.0/include/ap_config.h
  
  Index: ap_config.h
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/include/ap_config.h,v
  retrieving revision 1.75
  retrieving revision 1.76
  diff -u -r1.75 -r1.76
  --- ap_config.h	9 Feb 2004 20:38:21 -0000	1.75
  +++ ap_config.h	19 Mar 2004 11:16:03 -0000	1.76
  @@ -230,6 +230,9 @@
   #include "ap_config_auto.h"
   #include "ap_config_layout.h"
   #endif
  +#if defined(NETWARE)
  +#define AP_NONBLOCK_WHEN_MULTI_LISTEN 1
  +#endif
   
   /* TODO - We need to put OS detection back to make all the following work */
   
  
  
  
  1.68      +13 -0     httpd-2.0/os/unix/unixd.c
  
  Index: unixd.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/os/unix/unixd.c,v
  retrieving revision 1.67
  retrieving revision 1.68
  diff -u -r1.67 -r1.68
  --- unixd.c	10 Mar 2004 21:06:11 -0000	1.67
  +++ unixd.c	19 Mar 2004 11:16:03 -0000	1.68
  @@ -531,6 +531,19 @@
   #ifdef ENETUNREACH
           case ENETUNREACH:
   #endif
  +        /* EAGAIN/EWOULDBLOCK can be returned on BSD-derived
  +         * TCP stacks when the connection is aborted before
  +         * we call connect, but only because our listener
  +         * sockets are non-blocking (AP_NONBLOCK_WHEN_MULTI_LISTEN)
  +         */
  +#ifdef EAGAIN
  +        case EAGAIN:
  +#endif
  +#ifdef EWOULDBLOCK
  +#if !defined(EAGAIN) || EAGAIN != EWOULDBLOCK
  +        case EWOULDBLOCK:
  +#endif
  +#endif
               break;
   #ifdef ENETDOWN
           case ENETDOWN:
  
  
  
  1.100     +20 -0     httpd-2.0/server/listen.c
  
  Index: listen.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/server/listen.c,v
  retrieving revision 1.99
  retrieving revision 1.100
  diff -u -r1.99 -r1.100
  --- listen.c	9 Feb 2004 20:40:49 -0000	1.99
  +++ listen.c	19 Mar 2004 11:16:03 -0000	1.100
  @@ -383,6 +383,26 @@
       }
       old_listeners = NULL;
   
  +#if AP_NONBLOCK_WHEN_MULTI_LISTEN
  +    /* if multiple listening sockets, make them non-blocking so that
  +     * if select()/poll() reports readability for a reset connection that
  +     * is already forgotten about by the time we call accept, we won't
  +     * be hung until another connection arrives on that port
  +     */
  +    if (ap_listeners->next) {
  +        for (lr = ap_listeners; lr; lr = lr->next) {
  +            apr_status_t status;
  +
  +            status = apr_socket_opt_set(lr->sd, APR_SO_NONBLOCK, 1);
  +            if (status != APR_SUCCESS) {
  +                ap_log_perror(APLOG_MARK, APLOG_STARTUP|APLOG_ERR, status, pool,
  +                              "ap_listen_open: unable to make socket non-blocking");
  +                return -1;
  +            }
  +        }
  +    }
  +#endif /* AP_NONBLOCK_WHEN_MULTI_LISTEN */
  +
       /* we come through here on both passes of the open logs phase
        * only register the cleanup once... otherwise we try to close
        * listening sockets twice when cleaning up prior to exec
  
  
  
  1.87      +0 -3      httpd-2.0/server/mpm/netware/mpm_netware.c
  
  Index: mpm_netware.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/server/mpm/netware/mpm_netware.c,v
  retrieving revision 1.86
  retrieving revision 1.87
  diff -u -r1.86 -r1.87
  --- mpm_netware.c	17 Mar 2004 19:47:08 -0000	1.86
  +++ mpm_netware.c	19 Mar 2004 11:16:03 -0000	1.87
  @@ -828,9 +828,6 @@
           if (sockdes > listenmaxfd) {
               listenmaxfd = sockdes;
           }
  -        /* Use non-blocking listen sockets so that we
  -           never get hung up. */
  -        apr_socket_opt_set(lr->sd, APR_SO_NONBLOCK, 1);
       }
       return 0;
   }
  
  
  

Mime
View raw message